Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: cad_cdn on March 28, 2014, 01:11:32 PM



Title: Guess I got hacked
Post by: cad_cdn on March 28, 2014, 01:11:32 PM
synched up my wallet and found a transaction... that I never made. it emptied my wallet.

12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4

looks like a couple others got hacked as well.

trying to figure out how it happened. I encrypt my wallet and have a passphrase that is pretty strong...

backup wallet would be useless because the tx has already happened in the chain correct?


Title: Re: Guess I got hacked
Post by: Zeeks on March 28, 2014, 01:14:23 PM
You probably used your private key on a compromised device at some point. Going off the scant information you provide anyway. You should carefully check all your devices for programs you don't recognize.


Title: Re: Guess I got hacked
Post by: plasm on March 28, 2014, 01:18:27 PM

Maybe your registered email was hacked. Check it!


Title: Re: Guess I got hacked
Post by: cad_cdn on March 28, 2014, 01:20:02 PM
thx,
ya, I'm surprised, I'm pretty good with being careful, obviously, I missed something.
damn. that was my mining efforts to pay back purchases of gear....



> You probably used your private key on a compromised device at some point. Going off the scant information you provide anyway. You should carefully check all your devices for programs you don't recognize.


Title: Re: Guess I got hacked
Post by: Tammy Chan on March 28, 2014, 05:23:01 PM
> synched up my wallet and found a transaction... that I never made. it emptied my wallet.
>
> 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4
>
> looks like a couple others got hacked as well.
>
> trying to figure out how it happened. I encrypt my wallet and have a passphrase that is pretty strong...
>
> backup wallet would be useless because the tx has already happened in the chain correct?

Which wallet are you using? bitcoin-qt?
It is a bit strange that the hacker didn't empty your wallet, and there is still 0.09 BTC on that address.

You should now send the remaining 0.09 BTC to a new wallet ASAP.


Title: Re: Guess I got hacked
Post by: cad_cdn on March 29, 2014, 01:32:50 PM
I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.

Also,
The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....


Title: Re: Guess I got hacked
Post by: fbueller on March 29, 2014, 10:53:06 PM
> I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.
>
> Also,
> The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....

I ran the transactions on your address through a script that checks for k-reuse in signatures; it doesn't look like that was the case here.

What OS do you run? Download any new but unverified bitcoin related software lately?
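
Added example, not part of the thread and not fbueller's script: one way a k-reuse check of the kind mentioned above can work when auditing your own address. It parses the DER signatures from an address's spending inputs and flags a public key that signed with the same r but different s; the pubkey, txids and r/s values are constructed sample data, and `parse_der_sig`, `find_nonce_reuse` and `der_encode` are hypothetical names.

```python
from collections import defaultdict

# Order of the secp256k1 group, used to fold s and N - s together.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def parse_der_sig(sig: bytes):
    """Return (r, s) from a DER ECDSA signature; bytes after the SEQUENCE
    (Bitcoin's one-byte sighash flag) are ignored."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] > 0x7F or sig[1] + 2 > len(sig):
        raise ValueError("not a short-form DER SEQUENCE")
    end, pos, ints = sig[1] + 2, 2, []
    for _ in range(2):
        if pos + 2 > end or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        stop = pos + 2 + sig[pos + 1]
        if sig[pos + 1] == 0 or stop > end:
            raise ValueError("bad INTEGER length")
        ints.append(int.from_bytes(sig[pos + 2:stop], "big"))
        pos = stop
    if pos != end:
        raise ValueError("trailing bytes inside SEQUENCE")
    return ints[0], ints[1]

def find_nonce_reuse(sigs):
    """sigs: iterable of (txid, pubkey_hex, sig_hex).
    Returns {(pubkey_hex, r): [txids]} where one key produced the same r
    with different s, which happens when a nonce is reused across messages."""
    seen = defaultdict(dict)                      # (pubkey, r) -> {low_s: txid}
    for txid, pub, sig_hex in sigs:
        r, s = parse_der_sig(bytes.fromhex(sig_hex))
        seen[(pub, r)][min(s, N - s)] = txid      # s and N - s are the same signature
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

def der_encode(r, s):
    """Encode constructed (r, s) as DER plus a SIGHASH_ALL byte (sample data only)."""
    body = b"".join(b"\x02" + bytes([len(b)]) + b for b in
                    (i.to_bytes((i.bit_length() + 8) // 8, "big") for i in (r, s)))
    return (b"\x30" + bytes([len(body)]) + body + b"\x01").hex()

# Constructed sample: placeholder pubkey, made-up r/s values, not real transactions.
PUB, R_A, R_B = "02" + "11" * 32, 0xA1B2C3D4, 0x0BADF00D
SAMPLE = [
    ("tx-a", PUB, der_encode(R_A, 0x1111)),
    ("tx-b", PUB, der_encode(R_A, 0x2222)),      # same r, different s: nonce reuse
    ("tx-c", PUB, der_encode(R_B, 0x3333)),
    ("tx-d", PUB, der_encode(R_B, N - 0x3333)),  # malleated copy of tx-c: not reuse
]

if __name__ == "__main__":
    for (pub, r), txids in find_nonce_reuse(SAMPLE).items():
        print(f"r={r:#x} reused by {pub[:10]}... in {txids}")
```

An empty result, as reported in the post above, rules out this one failure mode only; it says nothing about key theft from the machine itself.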


Title: Re: Guess I got hacked
Post by: cad_cdn on March 29, 2014, 11:11:46 PM
I run windows 7 on the machine in question.
I also just noticed that the hack is still ongoing.
I mine at Eligius, so there was a pending payout due.
After discovering the hack I immediately changed my wallet passphrase, changed all my mining payout addresses.
Then, this morning another of my daily mining proceeds was again diverted to the same address.
I have stopped my proceeds going to my address (this is MY address that was hacked 1M2yzo3YU5RDGtMnqWMANcSij7r7n9rbCL)
Payments are now going to another address that is working and unattached to this wallet.

I wish I could recover the funds - but more importantly figure out where I have been compromised. I'm thinking a very good keylogger attached to a windows service, or masked as a windows service (svchost.exe) or something. AV (malwarebytes chameleon comes up clean) MS antivirus clean as well.

upsetting to say the least.



> > I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.
> >
> > Also,
> > The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....
>
> I ran the transactions on your address through a script that checks for k-reuse in signatures; it doesn't look like that was the case here.
>
> What OS do you run? Download any new but unverified bitcoin related software lately?


Title: Re: Guess I got hacked
Post by: BitcoinAwesomeMan on March 30, 2014, 10:17:35 AM
Hmmm, I don't think it would be anything that advanced. Might be some form of injection through the browser level possibly?


Title: Re: Guess I got hacked
Post by: cad_cdn on March 30, 2014, 02:49:32 PM
frustrating to have to admit that I got hacked with no idea how.

> Hmmm, I don't think it would be anything that advanced. Might be some form of injection through the browser level possibly?


Title: Re: Guess I got hacked
Post by: E.exchanger on March 31, 2014, 03:11:43 AM
Sorry about that, man, but that may be because of a keylogger or a wallet stealer. Do you often go on gambling websites randomly or faucets or anything that requires you to make a deposit like gambling websites?

Which antivirus are you using?
I strongly recommend scanning every downloaded file with VirusTotal and getting a pro version of Malwarebytes!


Title: Re: Guess I got hacked
Post by: cad_cdn on March 31, 2014, 03:17:31 AM
I don't gamble, and no faucets. it has to be a wallet stealer masked as another program.
I'm using MS Security Essentials and malwarebytes chameleon.

thx

 
> Sorry about that, man, but that may be because of a keylogger or a wallet stealer. Do you often go on gambling websites randomly or faucets or anything that requires you to make a deposit like gambling websites?
>
> Which antivirus are you using?
> I strongly recommend scanning every downloaded file with VirusTotal and getting a pro version of Malwarebytes!


Title: Re: Guess I got hacked
Post by: zvs on March 31, 2014, 06:07:58 PM
java is evil


Title: Re: Guess I got hacked
Post by: LouReed on March 31, 2014, 06:58:27 PM
Damn, that sucks bro! I got ripped off last week of 2.2 Bitcoin from that damn Blockchain.info phishing site, it's a pretty shitty fucking feeling to say the least!!! :'(


Title: Re: Guess I got hacked
Post by: cad_cdn on March 31, 2014, 06:59:36 PM
yes, sorry to hear about your loss!


 
> Damn, that sucks bro! I got ripped off last week of 2.2 Bitcoin from that damn Blockchain.info phishing site, it's a pretty shitty fucking feeling to say the least!!! :'(


Title: Re: Guess I got hacked
Post by: justme27 on March 31, 2014, 07:29:42 PM
Quick search for 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4:
https://bitcointalk.org/index.php?topic=259649.msg4145690#msg4145690

Did you have a 10-char password, by any chance?
https://bitcointalk.org/index.php?topic=85495.msg4392968#msg4392968


Title: Re: Guess I got hacked
Post by: cad_cdn on March 31, 2014, 07:42:17 PM
no, it was 17 characters.

> Quick search for 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4:
> https://bitcointalk.org/index.php?topic=259649.msg4145690#msg4145690
>
> Did you have a 10-char password, by any chance?
> https://bitcointalk.org/index.php?topic=85495.msg4392968#msg4392968


Title: Re: Guess I got hacked
Post by: BitDonkey on April 03, 2014, 03:54:47 AM
That is interesting.  I too got hacked with two transactions (Feb 25th)  to the same address (12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4) you listed.  I didn't notice until I cranked up the 0.8.6 version wallet a couple of days ago.  That is an address that user tazja claims to be his/her address.

You can see his reference to the address here in https://bitcointalk.org/index.php?topic=259649.msg4145690#msg4145690

Perhaps we can talk to him to get our coin back and/or find out why his/her address would be the place to send coin in a hack attack?


Title: Re: Guess I got hacked
Post by: Chemistry1988 on April 03, 2014, 05:48:23 AM
> Perhaps we can talk to him to get our coin back and/or find out why his/her address would be the place to send coin in a hack attack?

The interesting thing is he has lost the password, and it is not feasible to brute force it.
So, even if he agrees to pay you back, he can't.  :)

Thank you for answering me. If I know that I probably put 10 characters with a capital letter at the beginning and 2 numbers at the end without knowing what it was, I have a chance to find the password with a script?

1 capital letter == 26^1 == 26
2 digits == 10^2 == 100
7 mixed case == 52^7 == 1028071702528

26 * 100 * 1028071702528 == 2672986426572800

2672986426572800 passwords / 10 passwords per second == 8,470,364 years


Title: Re: Guess I got hacked
Post by: fbueller on April 03, 2014, 11:10:25 AM
Both of you are miners? There's a coincidence! Have you contacted the other person funds were taken from?


Title: Re: Guess I got hacked
Post by: James222 on April 03, 2014, 11:19:43 AM
Yeah, you probably got hacked. You probably had a keylogger. Run a virus scan also.


Title: Re: Guess I got hacked
Post by: Delivereath on April 04, 2014, 11:21:01 AM
I also got hacked by the same user and I know that he is French and has some French IPs (I found a lot of them with the help of some forum admins). I got some old IPs which are not using a proxy and I'm preparing a police complaint in France to get the identity of this person.

I probably got a virus/trojan and he was able to open a TeamViewer session with my computer and stole my wallets. Unfortunately, I forgot a backup wallet which was unencrypted so he was able to easily transfer my bitcoins.

I also have a few of his online identities and you can find him on http://jomgegar.com/ (which clearly is a hacker forum) with username tazbox. He uses username tazja on bitcointalk and some other ones on French forums.

If someone wants to participate or help, you're welcome. This kind of hack can lead to prison (5 years) here in France and I'm determined to send him there.

Has anyone directly contacted him?


Title: Re: Guess I got hacked
Post by: cad_cdn on April 04, 2014, 01:22:15 PM
Nail the F@cker!
 
> I also got hacked by the same user and I know that he is French and has some French IPs (I found a lot of them with the help of some forum admins). I got some old IPs which are not using a proxy and I'm preparing a police complaint in France to get the identity of this person.
>
> I probably got a virus/trojan and he was able to open a TeamViewer session with my computer and stole my wallets. Unfortunately, I forgot a backup wallet which was unencrypted so he was able to easily transfer my bitcoins.
>
> I also have a few of his online identities and you can find him on http://jomgegar.com/ (which clearly is a hacker forum) with username tazbox. He uses username tazja on bitcointalk and some other ones on French forums.
>
> If someone wants to participate or help, you're welcome. This kind of hack can lead to prison (5 years) here in France and I'm determined to send him there.
>
> Has anyone directly contacted him?